CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2021-27795 – License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software,
https://notcve.org/view.php?id=CVE-2021-27795
Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format; contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. Plataformas de hardware Brocade Fabric OS (FOS) que ejecutan cualquier versión del software Brocade Fabric OS, que admita el formato de cadena de licencia; contienen problemas criptográficos que podrían permitir la instalación de claves de licencia falsificadas o fraudulentas. Esto permitiría a los atacantes o a una parte malintencionada falsificar una clave de licencia falsa que la plataforma Brocade Fabric OS autenticaría y activaría como si fuera una clave de licencia legítima. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21289 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4163 – Possible buffer overflow in portcfgfportbuffers in Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-4163
In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command. En Brocade Fabric OS antes de v9.2.0a, un usuario privilegiado autenticado localmente puede desencadenar una condición de desbordamiento de búfer, lo que lleva a un pánico del kernel con una gran entrada a los búferes en el comando portcfgfportbuffers. • https://security.netapp.com/advisory/ntap-20231130-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22514 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3489 – firmwaredownload command could log servers passwords in clear text
https://notcve.org/view.php?id=CVE-2023-3489
The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS. El comando firmwaredownload en Brocade Fabric OS v9.2.0 podría registrar la contraseña del servidor FTP/SFTP/SCP en texto plano en el archivo "SupportSave" al realizar un downgrade de Fabric OS v9.2.0 a culaquier versión anterior de Fabric OS. • https://security.netapp.com/advisory/ntap-20231124-0003 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22510 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31926 – Arbitrary File Overwrite using less command
https://notcve.org/view.php?id=CVE-2023-31926
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22388 • CWE-281: Improper Preservation of Permissions CWE-665: Improper Initialization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31927 – An information disclosure in the web interface of Brocade Fabric OS
https://notcve.org/view.php?id=CVE-2023-31927
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. • https://security.netapp.com/advisory/ntap-20230908-0007 https://support.broadcom.com/external/content/SecurityAdvisories/0/22389 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •